Should all be the same underlying OS. 10.x would be the only one I'd worry about until someone can check if it is vulnerable since it may have a newer openssl version. On Apr 8, 2014 7:34 PM, "Lelio Fulgenzi" <[email protected]> wrote:
> Thanks Brian. > > Can we assume that ELM and UCCx is also not affected? Same 9.x train. > > > > Sent from my iPhone > > On 2014-04-08, at 7:21 PM, Brian Meade <[email protected]> wrote: > > Here we can see CUCM does not respond to the Heartbeat Request with any > data: > <image.png> > > For the root inclined, we can find what openssl version is running: > [root@CUCM912 ~]# openssl version > OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 > > This new heartbeat bug isn't valid as OpenSSL didn't even implement > responding to the Heartbeat Requests until version 1.0.1. This is why CUCM > doesn't respond with any data. > > I don't have a 10.x box to check with right now. > > Brian > > > On Tue, Apr 8, 2014 at 7:01 PM, Brian Meade <[email protected]> wrote: > >> Here's what I found testing against 9.1.2.10000.28 with a slightly >> modified python script: >> bmeade@ubuntu:~$ python vulnscript 10.3.11.250 >> Connecting... >> Sending Client Hello... >> Waiting for Server Hello... >> ... received message: type = 22, ver = 0301, length = 1012 >> Sending heartbeat request... >> Unexpected EOF receiving record header - server closed connection >> No heartbeat response received, server likely not vulnerable >> >> This is assuming the released script is checking for the vulnerability >> properly. >> >> Brian >> >> >> On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <[email protected]> wrote: >> >>> I haven't seen one. Currently trying to run the example python script >>> against one of my clusters but having some trouble. >>> >>> >>> On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <[email protected]>wrote: >>> >>>> weird. for some reason i fixated on the date beneath the entry in the >>>> search listing which had 2011, which made more sense. >>>> >>>> do you know if there is a more recent advisory? >>>> >>>> >>>> --- >>>> Lelio Fulgenzi, B.A. >>>> Senior Analyst, Network Infrastructure >>>> Computing and Communications Services (CCS) >>>> University of Guelph >>>> >>>> 519‐824‐4120 Ext 56354 >>>> [email protected] >>>> www.uoguelph.ca/ccs >>>> Room 037, Animal Science and Nutrition Building >>>> Guelph, Ontario, N1G 2W1 >>>> >>>> ------------------------------ >>>> *From: *"Brian Meade" <[email protected]> >>>> *To: *"Lelio Fulgenzi" <[email protected]> >>>> *Cc: *"cisco-voip voyp list" <[email protected]> >>>> *Sent: *Tuesday, April 8, 2014 5:16:32 PM >>>> *Subject: *Re: [cisco-voip] openSSL and heartbleed >>>> >>>> >>>> I don't think that's the correct advisory. That's a DoS vulnerability >>>> from 2004. >>>> >>>> Brian >>>> >>>> >>>> On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <[email protected]>wrote: >>>> >>>>> nevermind... my first search did not produce results... >>>>> >>>>> >>>>> http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html >>>>> >>>>> >>>>> --- >>>>> Lelio Fulgenzi, B.A. >>>>> Senior Analyst, Network Infrastructure >>>>> Computing and Communications Services (CCS) >>>>> University of Guelph >>>>> >>>>> 519‐824‐4120 Ext 56354 >>>>> [email protected] >>>>> www.uoguelph.ca/ccs >>>>> Room 037, Animal Science and Nutrition Building >>>>> Guelph, Ontario, N1G 2W1 >>>>> >>>>> ------------------------------ >>>>> *From: *"Lelio Fulgenzi" <[email protected]> >>>>> *To: *"cisco-voip voyp list" <[email protected]> >>>>> *Sent: *Tuesday, April 8, 2014 5:09:01 PM >>>>> *Subject: *openSSL and heartbleed >>>>> >>>>> >>>>> >>>>> Does anyone know if/when Cisco will be coming out with a security >>>>> advisory about Open SSL and heartbleed? >>>>> >>>>> >>>>> http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309 >>>>> >>>>> >>>>> >>>>> --- >>>>> Lelio Fulgenzi, B.A. >>>>> Senior Analyst, Network Infrastructure >>>>> Computing and Communications Services (CCS) >>>>> University of Guelph >>>>> >>>>> 519‐824‐4120 Ext 56354 >>>>> [email protected] >>>>> www.uoguelph.ca/ccs >>>>> Room 037, Animal Science and Nutrition Building >>>>> Guelph, Ontario, N1G 2W1 >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> cisco-voip mailing list >>>>> [email protected] >>>>> https://puck.nether.net/mailman/listinfo/cisco-voip >>>>> >>>>> >>>> >>>> >>> >> >
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
